Hello all,
my freenas is configured to use ldap "openldap" server, for afp shares.
Since i've upgraded to 9.3, i got this error:
Aug 27 15:43:20 olympe sssd[be[LDAP2]]: Could not start TLS encryption. error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (unable to get local issuer certificate)
According to doc:
http://doc.freenas.org/9.3/freenas_system.html#cas
i have to import the CA certificate of my ldap server, called cacert.pem (this is the certificate i deploy on linux clients for instance).
The doc said:
"If your organization already has a CA, you can import the CA’s certificate and key"
but it doesn't work, as the winodw requires a passphrase i never had.
Even in this thread:
https://forums.freenas.org/index.php?threads/ldap-config-certificate-drop-down-list-empty.27762/, it was said:
The certificate field in de advanced ldap config should point to the CA that signed the certificate of the LDAP server. You can upload the CA certificate under: system > CAs
If it in not possible with GUI, is it possible by CLI? is it a correct workaround?
thanks in advance for help,
my freenas is configured to use ldap "openldap" server, for afp shares.
Since i've upgraded to 9.3, i got this error:
Aug 27 15:43:20 olympe sssd[be[LDAP2]]: Could not start TLS encryption. error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (unable to get local issuer certificate)
According to doc:
http://doc.freenas.org/9.3/freenas_system.html#cas
i have to import the CA certificate of my ldap server, called cacert.pem (this is the certificate i deploy on linux clients for instance).
The doc said:
"If your organization already has a CA, you can import the CA’s certificate and key"
but it doesn't work, as the winodw requires a passphrase i never had.
Even in this thread:
https://forums.freenas.org/index.php?threads/ldap-config-certificate-drop-down-list-empty.27762/, it was said:
The certificate field in de advanced ldap config should point to the CA that signed the certificate of the LDAP server. You can upload the CA certificate under: system > CAs
If it in not possible with GUI, is it possible by CLI? is it a correct workaround?
thanks in advance for help,